Role-Based Access Control
Mumimo uses a role-based access control (RBAC) system to manage command access.
Every command declares its required roles in plugin.toml, and the
PrivilegeService checks a user’s roles against those requirements before
dispatching the command.
How It Works
Section titled “How It Works”When a command is invoked, PrivilegeService.can_run() applies the following
4-step algorithm:
- Blacklist check (highest priority) — If the user has the
blacklistedrole, the command is denied. This overrides everything, includingadmin. - Admin allow-all — If the user has the
adminrole, the command is allowed. Admins bypass all remaining checks. - Empty command roles — If the command declares no roles at all, it is allowed for everyone. This is the default for unrestricted commands.
- Intersection check — If the user’s roles share at least one entry with the command’s required roles, the command is allowed. Otherwise it is denied.
This priority order ensures that blacklisting is always respected, admins always have access, and unguarded commands remain open to all users.
Built-in Roles
Section titled “Built-in Roles”Mumimo ships with four built-in roles:
| Role | Description |
|---|---|
blacklisted |
Explicit deny — overrides everything, even admin. |
admin |
Full access to all commands. |
moderator |
Can manage audio, media, and images. |
user |
Default role; access to basic commands. |
Custom Roles
Section titled “Custom Roles”You can define additional roles in config.toml under [roles.<name>] with a
description field:
[roles.dj]description = "Can manage audio playback."Custom roles work exactly like built-in roles — they can be assigned to users and referenced in command role lists.
Command Overrides
Section titled “Command Overrides”Operators can override the roles declared in a plugin’s plugin.toml by adding
entries to the [command_overrides] section in config.toml:
[command_overrides]"sound_board.sbdownload" = ["dj"]"bot_commands.kickuser" = ["admin", "moderator"]Each key is a "plugin.command" string, and the value is a list of roles that
replaces the manifest’s roles at boot. This lets operators tighten or loosen
access without modifying plugin files.
Runtime Role Management
Section titled “Runtime Role Management”Roles can be assigned and revoked at runtime through chat commands (admin-only):
| Command | Description |
|---|---|
!role add <user> <role> |
Assign a role to a user. |
!role remove <user> <role> |
Remove a role from a user. |
!role list <user> |
List a user’s assigned roles. Usage: !role list <user>. |
!roles |
List all defined roles. |